CVE-2021-24368

Summary

The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link

Affected Software

VendorProductVersion RangeStatus
ExpressTechQuiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress7.1.18 < 7.1.18affected

Weaknesses

  • CWE-79: CWE-79 Cross-site Scripting (XSS)

ADP Enrichment

CVE Program Container

Additional References

References